
You’ve got to love some of the bugtraq exploits


4 replies to this topic

#1 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 11 November 2002 - 06:03 AM

Take this one for example
http://online.securi...08/2002-11-14/0

When you follow the link { http://www.why4.com/hack.html } (if you are vulnerable to it - it being execution of arbitrary code in Internet Explorer) then your computer will do the following:

/k net send * ..HELP..MY..COMPUTER..IS..HACKED..

- with a slash “k” for good measure, which I believe leaves the cmd window up after the code executes.

#2 holy_handgrenade

holy_handgrenade

    HACK THE PLANET!

  • Members
  • 62 posts

Posted 11 November 2002 - 12:07 PM

Just a warning to you folks out there checking the site at school or work.

Don't test the link yourself. It sends the net send message to the domain. I was under the impression that it grabbed your IP and sent it that way.

So I posted it to a friend, who was at work at the time. Needless to say, coworkers and sysadmins were "not happy".

Just a heads up.

#3 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Gender:Male

Posted 12 November 2002 - 12:20 AM

Interesting that it takes advantage of a bug in the HELP function. IE can access help and vice-versa, which allows the connection.

This could be very funny to use and INTENTIONALLY embarrass someone.

:aholesign:

Ooooooo, maybe I should write a page to use this exploit and we can connect to it from stores like Circuit City and stuff (although CC uses Linux, but you get the point).

:ahole:

That could be fun.

#4 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 12 November 2002 - 07:33 AM

although CC uses linux, but you get the point

Seeing as you've said you're a newB to Linux (as am I), I thought I'd point out that Linux can also send "net send" messages to a Windows network.

The Linux version of software to do this can also send messages with carriage returns, which I'm not sure the Windows version can/I haven’t found out how to do it. - But you'd obviously need console access to use it :(

I’d imagine there would be some terminals somewhere in CC (on the same domain) that use Windows? …

#5 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Gender:Male

Posted 12 November 2002 - 11:44 AM

Actually, I did not see any Windows terminals in CC. The publicly available ones are NeoLinux and the inventory ones are AS/400 and the registers are probably some specific POS software.



